An exploit has surfaced that suggests many MacOS X systems (MacBook, MacBook Pro, iMac and similar) can have security bypassed by using the “root” user. Yikes! How do I know if that’s a risk on my computer and fix it if my Mac is vulnerable?
You’re correct that in the last few days of November 2017, a security researcher pointed out to Apple that if a MacOS X user has enabled root account access but not set a password, anyone can log in to the computer or gain administrative capabilities in a few trivial steps. What isn’t well explained is whether users had to manually enable root (as the system is designed to require) or whether certain versions of MacOS X were accidentally shipped with root enabled but no password set.
In any case, it’s fairly easy to test and not too difficult to close up on your Mac systems, though I am sure that the next security patch from Cupertino will include a fix for this weird glitch. To state what might be obvious, this is a pretty big security hole because if you’re vulnerable to the root access bug, you might well also be vulnerable to attacks from the Internet at large.
So let’s jump in. To start, you can easily check to see if you’re vulnerable by going to System Preferences and clicking on “Users & Groups”, or using Spotlight to search for ‘users & groups’. Either way, you’ll end up on a page with some info and a padlock icon on the bottom. Click on the icon and a login window will pop up, just like this:
Now type in the user name “root” as shown, then without entering any password at all click on “Unlock”. If the window shakes back and forth without changing, that’s the system’s way of nodding “no”, which means it didn’t accept the no-password login and you’re safe. Way to go!
If it did accept this, you’ll know because the padlock will be unlocked. This is bad. But we can fix it, no reason to panic. In fact, the fix isn’t too hard at all.
Once you’re unlocked, you’ll see a window similar to this:
See the item “Login options” on the lower left? Click on it and the main window will change to show the following options:
You can ignore all the check boxes because what you want is the “Network Account Server” on your MacBook Air/Pro or iMac or similar. See it on the bottom? Click on “Join…” to proceed.
It pops up a skinny little window inviting you to enter a server address:
You don’t want to enter anything here, however. Just click on “Open Directory Utility…” and you’ll switch from System Preferences to the Open Directory Utility, an entirely different MacOS X program:
This is where it gets a bit weird. You don’t want to click on anything in this window, no buttons, no entries, nada. Instead, click on the padlock. It will require you to enter your account info again – you can use your own administrator account for safety:
Once you’ve entered the correct data – after clicking “Use Password…” of course – you’ll see some different options on the program’s menus, including this:
Choose to Enable Root User on your Mac system and it’ll prompt you for a system password:
That’s good. Enter something complicated that you’ll remember and you just closed up the hole on your system, nicely done!
Some people might decide that they want to turn off root access on their Mac system, however, which is another valid solution to the problem. To do that, the Edit menu will contain something slightly different:
Problem solved. In essence, there are two easy ways to fix this security problem: either set a password for your root user or disable the root user entirely. Now you know how to do both.
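For anyone who prefers Terminal, or has several Macs to check, here is an added example (not part of the original walkthrough) that reports whether the root account is enabled and names the command for each of the two fixes above. It assumes a disabled root shows `Password: *` with no ShadowHash entry under `AuthenticationAuthority` in `dscl` output; the `root_state` and `advise` helper names and the sample text are made up for illustration.

```shell
#!/bin/bash
# Added example: classify the root account from the text printed by
#   dscl . -read /Users/root Password AuthenticationAuthority
# Assumption: disabled root -> "Password: *" and no ShadowHash entry;
#             enabled root  -> a ";ShadowHash;" entry is present.
root_state() {
  local line pw="" shadow=no
  while IFS= read -r line; do
    case "$line" in
      "Password: "*)    pw=${line#Password: } ;;
      *";ShadowHash;"*) shadow=yes ;;
    esac
  done
  if [ "$shadow" = yes ]; then echo enabled
  elif [ "$pw" = "*" ]; then echo disabled
  else echo unknown
  fi
}

# Map each state to the matching fix from the article.
advise() {
  case "$1" in
    enabled)  echo "root is enabled: set a strong password (sudo passwd root) or disable it (dsenableroot -d)" ;;
    disabled) echo "root is disabled: this matches the second fix (root turned off)" ;;
    *)        echo "could not read root state: check in Directory Utility" ;;
  esac
}

# Constructed samples, not captured from a real machine.
SAMPLE_DISABLED='Password: *
No such key: AuthenticationAuthority'
SAMPLE_ENABLED='Password: ********
AuthenticationAuthority: ;ShadowHash;HASHLIST:<SALTED-SHA512-PBKDF2>'

if command -v dscl >/dev/null 2>&1; then
  # On a Mac: inspect the live root record.
  advise "$(dscl . -read /Users/root Password AuthenticationAuthority 2>/dev/null | root_state)"
else
  # Elsewhere: show the classification on the constructed samples.
  advise "$(printf '%s\n' "$SAMPLE_DISABLED" | root_state)"
  advise "$(printf '%s\n' "$SAMPLE_ENABLED" | root_state)"
fi
```

This check only tells you whether root is enabled; it cannot tell you whether the password is blank, so an “enabled” result means you should set a new root password or turn root off.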